Login to dd-wrt by ssh (+diffie-hellman-group1-sha1)

• Enable ssh from Services page

In your windows or linux machine, under the user home folder

• Create a folder ".ssh" (dot ssh)

• Create a file named "config" inside the .ssh folder

• Contents of config file

    Host  192.168.1.1 ddwrt.lan
        KexAlgorithms +diffie-hellman-group1-sha1
        user root
        port 2222

• Set the file permission to 600

             chmod 600 ~/.ssh/config (linux)

• Steps to set the file permission on windows

Right click config file > properties > security> Advanced>Disable inheritance

Right click config file > properties > security> Advanced>remove all from permission entries except your username

Right click config file > properties > security> Advanced> select your username > edit > full control 

Apply and close window

  

•     Run command  : 

ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 root@ddwrt.lan

 

where root is the user name of router admin, ddwrt.lan is the hostname router, can be replaced with the ip address

Continue Reading...

How to clear DNS cache on dd-wrt?

My router is flashed with dd-wrt which uses the dnsmaq daemon.

About dnsmasq? 

dnsmasq is a lightweight DNS, TFTP and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN. Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server. 

To flush out dns cache the dnsmasq daemon has to be restarted.

Login to the router terminal and run commands

# stopservice dnsmasq

# startservice dnsmasq

 

Continue Reading...

python3 [virtualenvwrapper] : set up virtualenv in ubuntu LTS

Setting up virtual environment in ubuntu lts.

• Installing virtualenv: Install into user folder instead of system wide

sudo apt-get install python3-pip

python3 -m pip install --user virtualenvwrapper

• Config virtualenvwrapper

nano ~/home/username/.bashrc

• Add below lines to .bashrc

#setup virtualenv

export WORKON_HOME=$HOME/.virtualenvs

export ROJECT_HOME=$HOME/Devel

export VIRTUALENVWRAPPER_PYTHON = /usr/bin/python3

export VIRTUALENVWRAPPER_SCRIPT=/home/username/.local/bin/virtualenvwrapper.sh

source /home/username/.local/bin/virtualenvwrapper.sh

• Enable config 

source ~/.bashrc

• For below error or screenshot :  export VIRTUALENVWRAPPER_PYTHON=/usr/bin/virtualenvwrapper.sh

/usr/bin/python: No module named virtualenvwrapper

virtualenvwrapper.sh: There was a problem running the initialization hooks.

If python could not import the module virtualenvwrapper.hook_loader,

check that virtualenvwrapper has been installed for 

VIRTUALENVWRAPPER_PYTHON=/usr/bin/python and that python is set properly.

• Quick-Start

Run: workon

A list of environments, empty, is printed.

Run: mkvirtualenv temp

A new environment, temp is created and activated.

Run: workon

This time, the temp environment is included.

Ref: https://virtualenvwrapper.readthedocs.io/en/latest/install.html#basic-installation

Continue Reading...

Mysql (adminer) : error "Access denied for user 'root'@'localhost'(using password :yes)

•  Server

 ubuntu 18.04LTS

• Mysql 

mysql-server v5.7

• Error: 

• edit mysql config file

sudo nano /etc/mysql/my.cnf

• Add to my.cnf

[mysqld]

skip-grant-tables

• restart mysql

sudo systemctl restart mysql

• login to mysql and run command

$ mysql -u root 

UPDATE mysql.user SET authentication_string=PASSWORD('YOURNEWPASSWORD'), plugin='mysql_native_password' WHERE User='root';

exit;

• disable the added lines from my.cnf

#[mysqld]

#skip-grant-tables

• Restart mysql 

sudo systemctl restart mysql

• Run mysql_secure_installation and set 'y' for all options

sudo mysql_secure_installation

• check login to mysql 

mysql -u root -p  

Now login to mysql as user root with new password must be possible.

Continue Reading...

Apache2 : Setup https with self signed certificate and redirect http to https

Note : Internet Browser will issue warning  on self signed certificates.

Self signed secure socket layer (TLS/SSL) certificate, to enable https on apache2 server. Even though the server is on lan, security is a concern when there is a large group of nodes. A zero cost self signed certificate is generated and all http request is rerouted to https

• Create a folder to hold certificate

sudo mkdir /etc/apache2/ssl

 

• Create cretificate and key valid for three years (days 1095 is 3 years)

sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

 

• Openssl information of certificate

Country Name (2 letter code) [AU]: IN
State or Province Name (full name) [Some-State]: KA
Locality Name (eg, city) []: Bangalore
Organization Name (eg, company) [My Company]: my company
Organizational Unit Name (eg, section) []: IT
The common name is your domain name or the server IP address.
Common Name (e.g. server FQDN or YOUR name) []: 192.168.2.3 or secure.myserver.lan 

Email Address []:dummy@example.com

 

• Enable ssl

sudo a2enmod ssl

 

• Edit config file (my personal preference I add both http and https conf in one file)

<VirtualHost  *:80>

ServerName myserver.lan

ServerAlias www.myserver.lan

ServerAdmin servername@localhost

ErrorLog ${APACHE_LOG_DIR}/myserver-lan-error.log

CustomLog ${APACHE_LOG_DIR}/myserver-lan-access.log combined

                    # below line will redirect all http request to https 

Redirect permanent / https://myserver.lan

</VirtualHost>

<VirtualHost  *:443>

ServerName myserver.lan

ServerAdmin servername@localhost

DocumentRoot /var/www/secure

<Directory /var/www/secure/>

require host localhost

require ip 127.0.0.1

require ip 192.168

</Directory>

ErrorLog ${APACHE_LOG_DIR}/myserver_lan-error.log

CustomLog ${APACHE_LOG_DIR}/myserver_lan.log combined

SSLEngine on

SSLCertificateFile  /etc/apache2/ssl/myservre-lan.crt

SSLCertificateKeyFile  /etc/apache2/ssl/myserver-lan.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars

</FilesMatch>

<Directory /usr/lib/cgi-bin>

SSLOptions +StdEnvVars

</Directory>

</VirtualHost> 

• Restart apache

sudo systemctl restart apache2

 

• Enable firewall

sudo ufw allow 'Apache full'

 

For named virtual host create ssl certificates as per the domain name and follow the above steps.

Continue Reading...

Apache2 : Setup named virtual hosts

A server is setup on local lan which acts as a development server, backup server, a secure domain to manage database servers and host other important data on local lan. The setup is same for a valid FQDN which can be accessed from WAN.

Server : Ubuntu 18.04 LTS

Application server :  LAMP stack

Main site path : /var/www/html

domain name : myserver.lan

Virtual host path :  /var/www/vhosts                 

domain name1 : your domain name. 

Example : dev.myserve.lan

domain name2 : your domain name. 

Example : secure.myserver.lan

• Create config files for vhosts 

run command :             

cd /etc/apache2/sites-available

sudo cp  000-default.conf  dev-myserver-lan.conf

sudo cp 000-default.conf  secure-myserver-lan.conf

• Edit config files:

sudo nano /etc/apache2/sites-available/secure-myserver-lan.conf

# Note: you can add ip as <VirtualHost 192.168.1.1:80> to respond to a specific ip.

<VirtualHost *:80>

    ServerName secure.myserver.lan

    #ServerAlias www.myserver.lan 

    ServerAdmin secure_myserver_lan@localhost

    DocumentRoot /var/www/secure

# This site can be accessed from local lan  and ip range (192.168.*.*) only

    <Directory /var/www/secure/>

        require host localhost

        require ip 127.0.0.1

        require ip 192.168

    </Directory> 

# very important set logs for each site (personal preference)

    ErrorLog ${APACHE_LOG_DIR}/secire_myserver_lan-error.log
 

    CustomLog ${APACHE_LOG_DIR}/secure_myserver_lan-access.log combined

<VirtualHost>

• Enable virtual host

# sudo a2ensite your-domain-conf

sudo a2ensite secure-myserver-lan.conf

sudo systemctl restart apache2

• Disable virtualhost

# sudo a2ensite your-domain-conf

sudo a2dissite secure-myserver-lan.conf

sudo systemctl restart apache2

• Routing : If the domains are on local lan, you can forward the requests from your router or add to local host file

sudo nano /etc/hosts

[...]

192.168.1.251    secure.myserver.lan

192.168.1.251    dev.myserver.lan

[...]

• To access the site from a browser use the http or https tag without fail or you may be redirected to websearch

Browser address bar

Wrong : dev.myserver.lan

Right : http://dev.myserver.lan

Right : https://dev.myserver.lan 

Continue Reading...

reset wordpress user password

On updating my wordpress user password I forgot...

Refering : https://codex.wordpress.org/Resetting_Your_Password

I opted for the ftp option but instead of downloading and uploading I logged in through ssh and edited the file. Super easy

1. Login to your site via FTP / SSH  and download or edit your active theme's functions.php file.

2. Edit the file and add this code to it, right at the beginning, after the first <?php:

wp_set_password( 'password', 1 );

Put in your own new password for the main admin user. The "1" is the user ID number in the wp_users table.

3. Upload the modified file back to your site.

4. After you then are able to login, make sure to go back and remove that code. It will reset your password on every page load until you do.

Next step is hardening wordpress

Continue Reading...

Reset dd-wrt web gui password

I changed the dd-wrt router password and could no longer access the device. Lucky, I was able to login to the router with ssh and default username and my old password. This means that the web gui password was corrupted. With the below steps I was able to gain access to the routers web gui.

• Login to the router via ssh.

• Type in nvram set http_passwd=

• Then type in nvram commit

• open browser, connect to the router and change the password "immediately"

• Power off the router for atleast a minute and power on again.

• login to the router and take backup of your settings.

Continue Reading...

list ppa and uninstall with ppa-purge

Remove installed ppa from ubuntu system.

• Install  ppa-purge 

sudo apt-get install ppa-purge

• Run command in terminal to list all configured repositories and ppa in readable format

apt-cache policy | grep http | awk '{print $2 $3}' | sort -u

• Uninstall the ppa with syntax : sudo ppa-purge ppa:<repository-name>/<subdirectory> example in my case

sudo ppa-purge ppa:ubuntu-audio-dev/alsa-daily

• Delete the unwanted source list from the location /etc/apt/sources.list.d. example in my case

sudo rm /etc/apt/sources.list.d/ubuntu-audio-dev-ppa-trusty.list ubuntu-audio-dev-ppa-trusty.list.save 

Continue Reading...

Regain access to lost dd-wrt webmin

I was playing with the webmin of dd-wrt and lost access to it.

1. https://router-ip throws up connection error
2. http://router-ip throws up invalid url

Fortunately I had the ssh port enabled.

To recover the web access, log in to the router and run the below commands.

nvram set remote_management=1
nvram set http_wanport=8080
nvram set httpsd_enable=1
nvram set https_enable=1
nvram set remote_mgt_https=1
nvram commit
reboot

I got access and lessons learned

Very important to take backup from the webaccess in the administration section and under backup

• Direct url: http://192.168.1.1/config.asp
• In the above case my router ip is 192.168.1.1 

Have an secure alternative access to the router ssh or telnet.

If you have an dd-wrt router working well PLEASE do take a backup of the settings.

• IF there is a backup then life is easy.
• Perform hard reset and recover from the backup file.

Now I have a backup file and peace of mind.

Continue Reading...